Authentication and Authorization

CARUSO Dataplace uses API keys to authenticate client requests. The API key is a secret key for the data consumer and should be handled with care. Since CARUSO is a B2B marketplace an API key is only issued once for your company (i.e., we do not provide API keys to individual users). You will learn about your API Key once you have made your first subscription on the marketplace. The API key is used to make requests on behalf of your organization. In other words, it’s a shared key for all associated users of your company. The API Key constitutes sensitive information and it is highly recommended that best practices for storage of sensitive information are applied.

Name Description Example
X-Subscription-Id The subscription id. Consumer receives this id upon subscribing for a plan offered by a provider. 42dea87e-1b56-4faa-b2ad-e47d6a1c71dd
X-API-Key The API-Key provided by Caruso Dataplace to your company. 4safllqhtmbo1c6ndq91obslogcmimob[…]

Authorization of your requests to our API are done by our platform by checking the validity of the API Key and the subscription made by you. In case an invalid subscriptionId is given in the request header, or the subscriptionId is missing, it will cause your request to fail. Please have a look in our error handling for different authentication and authorization failure cases.

These required parameters are sent as HTTP-headers to the CARUSO platform as described in the examples shown in the section API Reference.